ABSTRACT

We explore the emerging field of Cybersecurity Dynamics, a candidate
foundation for the Science of Cybersecurity.


Categories and Subject Descriptors

D.4.6 [Security and Protection]

General Terms

Security, Theory

1. THE CONCEPT

In the course of seeking fundamental concepts that would drive
the study of cybersecurity for the many years to come — just like
how concepts such as confidentiality, integrity and availability have
been driving the study of security for decades — the idea of
cybersecurity dynamics emerged. Intuitively, cybersecurity dynamics
describes the evolution of global cybersecurity state as caused by
cyber attack-defense interactions. Figure 1 illustrates the evolution
of cybersecurity state of a toy cyber system that has six nodes,
which can represent computers (but other resolutions are both
possible and relevant). In this example, a node may be in one of two
states, secure (green color) or compromised (red color); a secure
node may become compromised and a compromised node may become
secure again, and so on. A red-colored node u pointing to a
red-colored node v means u successfully attacked v. Even if node
5 is not attacked by any other node at time ti, it still can become
compromised because of (e.g.) an insider attack launched by an
authorized user. A core concept in cybersecurity dynamics is the
attack-defense structure, namely a complex network capturing which
computer can directly attack and/or defend which other computer in a
cyber system of interest. This means that another emerging field,
called Network Science, would play a fundamental role in
cybersecurity dynamics (as a supporting technology). From this
perspective, a vision related to cybersecurity dynamics was recently
independently explored by Kott (6).

*A website dedicated to cybersecurity dynamics is available at 
Figure 1: Illustration of cybersecurity dynamics in a toy cyber
system, which has six nodes (denoted by 1, ..., 6) whose states
evolve over time as caused by cyber attack-defense interactions.
A node has two states: secure (green color) and compromised
(red color). Dashed arrows represent successful attacks.

Cybersecurity dynamics can serve as a foundation for the Science
of Cybersecurity because of the following. First, cyber attacks
are inevitable and defenders need to know the dynamic cybersecurity
states so as to manage the risk (e.g., using appropriate threshold
cryptosystems or Byzantine fault-tolerance schemes). Cybersecurity
dynamics offers natural security metrics such as: What is the
probability that a node is compromised at time t? What is the
(expected) number of nodes that are compromised at time t? Such
basic metrics can be used to define more advanced security/risk
metrics for decision-making purposes. Together they can be used
to characterize the global effect of deploying some defense tools
or mechanisms. Second, cybersecurity dynamics naturally leads
to the notion of macroscopic cybersecurity, where the model
parameters abstract (e.g.) the power of microscopic attack/defense
mechanisms and security policies. The distinction between
macroscopic security and microscopic security might help separate
security services (i.e., management- or operation-oriented) from
security techniques (i.e., design-oriented). Third, cybersecurity
dynamics offers an overarching framework that can accommodate
descriptive, prescriptive, and predictive cybersecurity models, which
can be systematically studied by using various mathematical
techniques (broadly defined). For example, we can characterize the
cybersecurity phenomena exhibited by the dynamics and pin down
the factors/laws that govern the evolutions.

Cybersecurity dynamics vs. biological epidemic dynamics.
Researchers have been trying to design and build computer systems
that can mimic the elegant properties of biological (especially
human body) systems, through concepts such as Artificial Immune
System. Not surprisingly, the concept of cybersecurity dynamics
is inspired by epidemic models of biological systems. The
concept is also inspired by models of interacting particle systems,
and by the microfoundation in economics (i.e., macroeconomic
parameters are ideally derived from, or the output of, some
microeconomic models) (5). Furthermore, the concept naturally
generalizes the many models that are scattered in a large amount of
literature in venues including both statistical physics and
computer science. However, as we will discuss in Section 3, fully
understanding and managing cybersecurity dynamics requires us to
overcome several technical barriers.


2. RESEARCH ROADMAP 

In order to fulfill the envisioned cybersecurity dynamics foundation
for the Science of Cybersecurity, we suggest a research roadmap
that consists of three integral thrusts.

Thrust I: Building a systematic theory of cybersecurity dynamics.
The goal is to understand cybersecurity dynamics via
first-principles modeling, by using as-simple-as-possible models with
as-few-as-possible parameters and making as-weak-as-possible
assumptions. Such models aim to derive macroscopic phenomena
or properties from microscopic cyber attack-defense interactions.
These studies can lead to cybersecurity laws of the following kind:
What is the outcome of the interaction between a certain class of
cyber defenses (including policies) and a certain class of cyber
attacks? The models may assume away how model parameters can
be obtained (obtaining the parameters is the focus of Thrust II), as
long as they are consistent with cyber attack and defense
activities. Such characterization studies might additionally address
the following question: In order to obtain a certain kind of results,
certain model parameters must be provided no matter how costly it is
to obtain them. Early-stage investigations falling into this Thrust
include

Thrust II: Data-, policy-, architecture- and mechanism-driven
characterization studies. The goal is to characterize security
policies, architectures and mechanisms from the perspective of
cybersecurity dynamics. These studies allow us to extract model
parameters for practical use of the cybersecurity insights/laws
discovered by Thrust I, so as to guide real-life cyber operation
decision-making. Data-driven cybersecurity analytics is relevant to
all these studies. For example, by studying the notion of stochastic
cyber attack process, it is possible to conduct "gray-box" (rather
than "black-box") predictions, which can serve as early-warning
information and guide the provisioning of resources for cost-effective
defense. This Thrust might lead to the development of cybersecurity
instruments, which can measure useful attributes — like the
various kinds of medical devices that can measure various health
attributes/parameters of human body.

Thrust III: Bridging gaps between Thrusts I & II. The goal is 
to bridge the gaps between Thrust I and Thrust II. This Thrust can 
inform Thrust II what parameters used in the models of Thrust I 
are necessary to obtain, no matter how costly it is to obtain them. 
On the other hand, this Thrust can also inform Thrust I that certain 
other parameters may be easier to obtain in practice, and therefore 
alternate models may be sought instead. Research on experimental 
cybersecurity, in lieu of experimental physics, will be a main theme 
of this Thrust. 


3. TECHNICAL BARRIERS 

In order to fulfill the envisioned cybersecurity dynamics foundation
for the Science of Cybersecurity, we need to overcome several
technical barriers that are believed to be inherent to the problem of
cybersecurity (i.e., they cannot be bypassed) and do not have
counterparts (at least to a large extent) in the inspiring disciplines
mentioned above. Representatives are: (a) The scalability barrier:
Suppose there are n nodes, where each node has 2 states. Then, there
are 2^n global states. This state-space explosion prevents simple
treatment of stochastic processes. (b) The nonlinearity barrier: The
probability that a computer is compromised would depend on the
states of other computers in a (highly) nonlinear fashion. This can
render many analysis techniques useless. (c) The dependence barrier:
The states of computers are dependent upon each other (e.g.,
they may have the same software vulnerability), and thus we need
to accommodate such dependence between them. (d) The structural
dynamics barrier: The heterogeneous attack-defense complex
network structures may be dynamic at a time scale that may or may
not be the same as the time scale of the cybersecurity dynamics. (e)
The non-equilibrium (or transient behavior) barrier: It is important
to understand both the equilibrium states and the dynamics before
it converges to the equilibrium distribution/state (if it does at all).
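An added example (not from the paper) that computes the two basic metrics of Section 1, the probability that a node is compromised at time t and the expected number of compromised nodes, exactly by evolving the distribution over all 2^n global states of a six-node system. The edge list, the update rule and the parameters alpha (compromise without an attacking neighbour, e.g. an insider), beta (recovery) and gamma (attack along an edge) are assumptions chosen for illustration.

```python
from itertools import product

# Constructed toy attack-defense structure (assumption, not the paper's Figure 1):
# EDGES[v] lists the nodes that can directly attack node v.
EDGES = {1: [2], 2: [1, 3], 3: [2, 4], 4: [3, 6], 5: [], 6: [4]}
NODES = sorted(EDGES)

def p_compromised_next(v, state, alpha, beta, gamma):
    """P(node v is compromised at t+1 | global state at t); state[v] is 0 or 1."""
    if state[v]:                       # a compromised node is cured w.p. beta
        return 1.0 - beta
    survive = 1.0 - alpha              # escapes an insider-style compromise
    for u in EDGES[v]:
        if state[u]:
            survive *= 1.0 - gamma     # escapes the attack from compromised u
    return 1.0 - survive               # nonlinear in the neighbours' states

def step(dist, alpha, beta, gamma):
    """One step of the exact Markov chain over all 2^n global states."""
    new = {}
    for s, ps in dist.items():
        state = dict(zip(NODES, s))
        q = [p_compromised_next(v, state, alpha, beta, gamma) for v in NODES]
        for nxt in product((0, 1), repeat=len(NODES)):
            p = ps
            for bit, qv in zip(nxt, q):
                p *= qv if bit else 1.0 - qv
            if p:
                new[nxt] = new.get(nxt, 0.0) + p
    return new

def metrics(initial, t, alpha=0.02, beta=0.3, gamma=0.4):
    """Return ({node: P(compromised at t)}, expected number compromised at t)."""
    dist = {tuple(initial[v] for v in NODES): 1.0}
    for _ in range(t):
        dist = step(dist, alpha, beta, gamma)
    per_node = {v: sum(p for s, p in dist.items() if s[i])
                for i, v in enumerate(NODES)}
    return per_node, sum(per_node.values())

if __name__ == "__main__":
    start = {v: int(v == 1) for v in NODES}      # only node 1 compromised at t=0
    per_node, expected = metrics(start, t=5)
    for v in NODES:
        print(f"node {v}: P(compromised at t=5) = {per_node[v]:.4f}")
    print(f"expected compromised nodes: {expected:.4f}")
```

The loop over 2^n successor states for each of 2^n current states is the scalability barrier in miniature: the cost of one exact step grows as 4^n, which is why this approach stops being usable long before n reaches the size of a real network.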